Reputation: 12486
I have installed devise.
I did,
rails g cancan:ability
This is the Ability class I got in app/models
class Ability
include CanCan::Ability
def initialize(user)
# Define abilities for the passed in user here. For example:
#
# user ||= User.new # guest user (not logged in)
# if user.admin?
# can :manage, :all
# else
# can :read, :all
# end
#
# The first argument to `can` is the action you are giving the user permission to do.
# If you pass :manage it will apply to every action. Other common actions here are
# :read, :create, :update and :destroy.
#
# The second argument is the resource the user can perform the action on. If you pass
# :all it will apply to every resource. Otherwise pass a Ruby class of the resource.
#
# The third argument is an optional hash of conditions to further filter the objects.
# For example, here the user can only update published articles.
#
# can :update, Article, :published => true
#
# See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
end
end
posts table
Table "public.posts"
Column | Type | Modifiers
-------------+------------------------+----------------------------------------------------
id | integer | not null default nextval('posts_id_seq'::regclass)
title | character varying(100) | not null
content | character varying(500) | not null
created_at | date |
updated_at | date |
tags | character varying(55) | not null default '50'::character varying
category_id | integer | not null default 1
user_id | integer |
Indexes:
"posts_pkey" PRIMARY KEY, btree (id)
users table
Table "public.users"
Column | Type | Modifiers
------------------------+-----------------------------+----------------------------------------------------
id | integer | not null default nextval('users_id_seq'::regclass)
email | character varying(255) | not null default ''::character varying
encrypted_password | character varying(128) | not null default ''::character varying
reset_password_token | character varying(255) |
reset_password_sent_at | timestamp without time zone |
remember_created_at | timestamp without time zone |
sign_in_count | integer | default 0
current_sign_in_at | timestamp without time zone |
last_sign_in_at | timestamp without time zone |
current_sign_in_ip | character varying(255) |
last_sign_in_ip | character varying(255) |
confirmation_token | character varying(255) |
confirmed_at | timestamp without time zone |
confirmation_sent_at | timestamp without time zone |
username | character varying(255) | not null
is_admin | boolean | default false
created_at | timestamp without time zone |
updated_at | timestamp without time zone |
Indexes:
"users_pkey" PRIMARY KEY, btree (id)
"index_users_on_confirmation_token" UNIQUE, btree (confirmation_token)
"index_users_on_email" UNIQUE, btree (email)
"index_users_on_reset_password_token" UNIQUE, btree (reset_password_token)
"index_users_on_username" UNIQUE, btree (username)
Now how can I set up cancan to allow/deny some actions of PostController, CommentsController? If the user.is_admin = true
then user can edit, delete posts, comments. Otherwise a normal user can only add post after registering. Any guest user can comment for any post.
In PostsController I have
before_filter :authenticate_user! , :except => [:index, :show, :bla1, :bla2, :bla3, :bla4, :bla5, :bla6, :bla7, :bla8, :bla9]
In every controller I had to write such line, that's tedious. Is there any shortcut way to reduce such line in every controller?
Upvotes: 1
Views: 728
Reputation: 3669
you should set your ability.rb this way.
class Ability
include CanCan::Ability
def initialize(user)
# rules for admin
if user.is_admin?
#if admin can do anything
can :manage, :all
#if admin can only edit and destroy posts and comments
can :edit, Post
can :destroy, Post
can :edit, Comment
can :destroy, Comment
end
#rules for registred user
can :create, Post
end
end
and in yours controllers
class PostsController < ApplicationController
authorize_resource :except => show
end
class CommentsController < ApplicationController
authorize_resource :only => [:edit,:update,:destroy]
end
Hope it will be helpfull. :)
Upvotes: 2